Half of businesses still unprepared for GDPR

With a month to go, KPMG warnsan overwhelming majority of businesses haven't scrutinised third parties for possible compliance issues.

Shares

(Image credit: Image Credit: Docstockmedia / Shutterstock)

With just a month to go, new research has found that more than half of businesses worldwide are still not prepared for the upcoming General Data Protection Regulation (GDPR).

According to KPMG and The Legal 500, 54 per cent of companies feel that their businesses aren't ready for the new legislation, and an overwhelming majority of businesses haven't scrutinised third parties for possible compliance issues either.

Looking at who's doing most work within an organisation, it seems as the General Counsel is leading the pack. They were 'more likely to be responsible for setting data protection compliance policies than any other function leader across the organisations surveyed'. They are followed by chief compliance officers.

“The research conducted by Legal 500 demonstrates that a gulf still exists between the perception of GDPR preparedness and the reality,” commented Juerg Birri, KPMG’s global head of legal services.

“In particular it appears too few boards are fully aware of the significant risks of non-compliance and many non-EU businesses have underestimated the impact that the legislation will have on them if they handle EU data. Surprisingly, many businesses haven’t looked at their supply chain as a potential risk for GDPR compliance. This is particularly challenging for global organisations, with thousands of suppliers, and could be costly if not addressed with the appropriate rigour needed under the GDPR.”

“Yet for all the risk, GDPR is a good opportunity to win consumer trust, examine closely how data is collected and stored, and prepare for a world where this data will become increasingly valuable. Many of our clients see GDPR as an opportunity to build a picture of how their organisation manages data, which has recently become a key element for company reputation.”

Businesses that have data security and cyber risk on the agenda for senior management, are more likely to have prepared for GDPR (50 per cent) compared to those that have not (13 per cent).

An engaged board ‘helps at every stage of the journey’ towards GDPR compliance, the report added.

“This is clear when we compare the measures taken at organisations which see GDPR as a board-level issue vs those which do not.”